In this article I'll try to explain how I, Ratter, proceeded while creating Dust,
the first Pocket PC virus, including which techniques and utilities I used.
I'll also include annotated source code. Following the description,
I'll cover which problems I faced when moving from Win32 to WinCE, and
present my theories about future directions in Pocket PC viruses.

NOTE

To completely understand the source code in this article, you'll need to know at least the basics of ARM instructions; start with Seth Fogie's article "Embedded Reverse Engineering: Cracking Mobile Binaries" (PDF). At the end of that document, advanced ARM topics are also explained. In addition, a basic knowledge of the portable executable format will help. You can download the utilities that you'll need to convert the source code to its executable form.

Compilation

First, we'll cut everything between these two labels:

** virus_source **
** virus_source_end **

Then we'll paste that code to a new file called wince_dust.asm. For compiling, we'll use armasm (the Microsoft macro assembler for ARM) and the WinCE-aware version of Microsoft link. Both these utilities can be found here, and we'll use them as follows:

After these steps, the executable file wince_dust.exe is created, which can be transferred to the PDA and tested. The virus infects all suitable PE .exe files in the root directory ("My Device") of the device. Before the infection itself, the virus asks for permission (see Figure 1).